From 2dc90a68616c44a667205bd6dc68e8cc5fbb63d8 Mon Sep 17 00:00:00 2001
From: Peter Dave Hello <hsu@peterdavehello.org>
Date: Thu, 1 Nov 2018 01:05:33 +0800
Subject: [PATCH 1/2] Move gpg key import after architecture checking

---
 Dockerfile-jessie.template  | 19 +++++++++----------
 Dockerfile-slim.template    | 19 ++++++++-----------
 Dockerfile-stretch.template | 19 +++++++++----------
 3 files changed, 26 insertions(+), 31 deletions(-)

diff --git a/Dockerfile-jessie.template b/Dockerfile-jessie.template
index 947612df..cccf1d96 100644
--- a/Dockerfile-jessie.template
+++ b/Dockerfile-jessie.template
@@ -3,16 +3,6 @@ FROM buildpack-deps:jessie
 RUN groupadd --gid 1000 node \
   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 
-# gpg keys listed at https://github.com/nodejs/node#release-team
-RUN set -ex \
-  && for key in \
-    "${NODE_KEYS[@]}"
-  ; do \
-    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
-    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
-    gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
-  done
-
 ENV NODE_VERSION 0.0.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
@@ -25,6 +15,15 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     i386) ARCH='x86';; \
     *) echo "unsupported architecture"; exit 1 ;; \
   esac \
+  # gpg keys listed at https://github.com/nodejs/node#release-team
+  && set -ex \
+  && for key in \
+    "${NODE_KEYS[@]}"
+  ; do \
+    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
+    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
+    gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
+  done \
   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template
index aa725120..d4e9f276 100644
--- a/Dockerfile-slim.template
+++ b/Dockerfile-slim.template
@@ -3,16 +3,6 @@ FROM debian:stretch-slim
 RUN groupadd --gid 1000 node \
   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 
-# gpg keys listed at https://github.com/nodejs/node#release-team
-RUN set -ex \
-  && for key in \
-    "${NODE_KEYS[@]}"
-  ; do \
-    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
-    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
-    gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
-  done
-
 ENV NODE_VERSION 0.0.0
 
 RUN buildDeps='xz-utils' \
@@ -26,9 +16,16 @@ RUN buildDeps='xz-utils' \
       i386) ARCH='x86';; \
       *) echo "unsupported architecture"; exit 1 ;; \
     esac \
-    && set -x \
+    && set -ex \
     && apt-get update && apt-get install -y ca-certificates curl wget $buildDeps --no-install-recommends \
     && rm -rf /var/lib/apt/lists/* \
+    && for key in \
+      "${NODE_KEYS[@]}"
+    ; do \
+      gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
+      gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
+      gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
+    done
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
diff --git a/Dockerfile-stretch.template b/Dockerfile-stretch.template
index 4bdf7193..f31efbf3 100644
--- a/Dockerfile-stretch.template
+++ b/Dockerfile-stretch.template
@@ -3,16 +3,6 @@ FROM buildpack-deps:stretch
 RUN groupadd --gid 1000 node \
   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 
-# gpg keys listed at https://github.com/nodejs/node#release-team
-RUN set -ex \
-  && for key in \
-    "${NODE_KEYS[@]}"
-  ; do \
-    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
-    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
-    gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
-  done
-
 ENV NODE_VERSION 0.0.0
 
 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
@@ -25,6 +15,15 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     i386) ARCH='x86';; \
     *) echo "unsupported architecture"; exit 1 ;; \
   esac \
+  # gpg keys listed at https://github.com/nodejs/node#release-team
+  && set -ex \
+  && for key in \
+    "${NODE_KEYS[@]}"
+  ; do \
+    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
+    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
+    gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
+  done \
   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \

From ce9b7cd4490ba52d430c6fb7b3eef52799fe2575 Mon Sep 17 00:00:00 2001
From: Peter Dave Hello <hsu@peterdavehello.org>
Date: Thu, 1 Nov 2018 01:06:21 +0800
Subject: [PATCH 2/2] Add missing dependency gnupg & dirmngr in slim template

---
 Dockerfile-slim.template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template
index d4e9f276..4f822af7 100644
--- a/Dockerfile-slim.template
+++ b/Dockerfile-slim.template
@@ -17,7 +17,7 @@ RUN buildDeps='xz-utils' \
       *) echo "unsupported architecture"; exit 1 ;; \
     esac \
     && set -ex \
-    && apt-get update && apt-get install -y ca-certificates curl wget $buildDeps --no-install-recommends \
+    && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \
     && rm -rf /var/lib/apt/lists/* \
     && for key in \
       "${NODE_KEYS[@]}"
@@ -25,7 +25,7 @@ RUN buildDeps='xz-utils' \
       gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
       gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
       gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
-    done
+    done \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
     && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \